How to compute and generate a user password so it can be copied into the shadow file directly.

Solution and results description

The description of how the password is created can be found here:

$ man shadow
    encrypted password
        Refer to crypt(3) for details on how this string is interpreted.

$ man 3 crypt
    Glibc Notes
        The glibc2 version of this function supports additional encryption algorithms.

        If salt is a character string starting with the characters "$id$" followed by a string terminated by "$":

            $id$salt$encrypted

        then instead of using the DES machine, id identifies the encryption method used and this then determines how the rest of the password string is interpreted. The following values of id are supported:

            ID  | Method
            ────┼─────────────────────────────────────────────────────────────────────
            1   | MD5
            2a  | Blowfish (not in mainline glibc; added in some Linux distributions)
            5   | SHA-256 (since glibc 2.7)
            6   | SHA-512 (since glibc 2.7)

        So $5$salt$encrypted is an SHA-256 encoded password and $6$salt$encrypted is an SHA-512 encoded one.

        "salt" stands for the up to 16 characters following "$id$" in the salt. The encrypted part of the password string is the actual computed password. The size of this string is fixed:

            MD5     | 22 characters
            SHA-256 | 43 characters
            SHA-512 | 86 characters

Analyzing the shadow line for the demo user we can see that his password:

The first impression, that we could simply use a tool to generate a SHA digest, unfortunately doesn't hold. The reason is that SHA-512 produces only a 512-bit message digest (that is, a 64-character string), while the password in the shadow file is 86 characters long.

Further research showed that even though the 'crypt' function uses the standard SHA hash function, it differs from a plain digest in a number of ways in order to produce the 86-character string. An interesting blog post describing the algorithm can be found here: http://www.vidarholen.net/contents/blog/?p=33.
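
The format rules quoted from crypt(3) above, as an added example (not code from the original post): a Python check that a string about to be copied into the shadow file has a supported id, a salt of at most 16 characters and an encrypted part of the fixed length. It also shows where 22, 43 and 86 come from: the raw digest carried at 6 bits per character. The optional rounds=N element goes beyond the excerpt, and SAMPLE is a constructed placeholder, not a real hash.

```python
import math
import re

# id -> (method, raw digest size in bytes); ids as in the crypt(3) table above.
# "2a" is left out because the page gives no fixed length for it.
METHODS = {"1": ("MD5", 16), "5": ("SHA-256", 32), "6": ("SHA-512", 64)}
B64_CHARS = re.compile(r"[./0-9A-Za-z]*")  # crypt's own 64-character alphabet

# Constructed sample: right shape for SHA-512, but not the hash of any password.
SAMPLE = "$6$Zx3kQ9pL$" + "A" * 86


def encoded_len(digest_bytes):
    """Characters needed to carry the digest at 6 bits per character."""
    return math.ceil(digest_bytes * 8 / 6)


def parse_shadow_hash(field):
    """Split a $id$salt$encrypted string and check it against the rules above.

    Returns a dict, or raises ValueError naming the first rule that fails.
    """
    parts = field.split("$")
    if len(parts) < 4 or parts[0] != "":
        raise ValueError("not in $id$salt$encrypted form")
    ident, rest = parts[1], parts[2:]
    if ident not in METHODS:
        raise ValueError(f"unsupported id {ident!r}")
    rounds = None
    # Optional "rounds=N" element of the SHA variants (not in the excerpt above).
    if ident in ("5", "6") and rest[0].startswith("rounds="):
        rounds = int(rest[0][len("rounds="):])
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("expected exactly a salt and an encrypted part")
    salt, encrypted = rest
    method, digest_bytes = METHODS[ident]
    if len(salt) > 16:  # upper bound quoted from the man page
        raise ValueError("salt longer than 16 characters")
    if len(encrypted) != encoded_len(digest_bytes):
        raise ValueError(f"{method} part must be {encoded_len(digest_bytes)} characters")
    if not B64_CHARS.fullmatch(salt + encrypted):
        raise ValueError("character outside ./0-9A-Za-z")
    return {"method": method, "rounds": rounds, "salt": salt, "encrypted": encrypted}
```

A plain hex SHA-512 digest fails the first check, which is the mismatch described above: the shadow field is a structured crypt(3) string, not a bare digest.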
